Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 06:50:46, on 15/03/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe
C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Barclays\Business Manager\rsrc\binaries\main\BarclaysBusinessManager.exe
C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
C:\Program Files\BELKIN USB Wireless Monitor\WLanCfgG.exe
C:\Program Files\Kodak\printer\center\KodakSvc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_12\bin\jucheck.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 – HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 – HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 – HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 – HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://164.38.33.5/proxy.pac
R3 – URLSearchHook: UrlSearchHook Class – {00000000-6E41-4FD3-8538-502F5495E5FC} – C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 – URLSearchHook: AVG Security Toolbar BHO – {A3BC75A2-1F87-4686-AA43-5347D756017C} – C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 – URLSearchHook: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 – Hosts: 212.95.49.214 www.google.com
O1 – Hosts: 212.95.49.214 www.google.de
O1 – Hosts: 212.95.49.214 www.google.fr
O1 – Hosts: 212.95.49.214 www.google.co.uk
O1 – Hosts: 212.95.49.214 www.google.com.br
O1 – Hosts: 212.95.49.214 www.google.it
O1 – Hosts: 212.95.49.214 www.google.es
O1 – Hosts: 212.95.49.214 www.google.co.jp
O1 – Hosts: 212.95.49.214 www.google.com.mx
O1 – Hosts: 212.95.49.214 www.google.ca
O1 – Hosts: 212.95.49.214 www.google.com.au
O1 – Hosts: 212.95.49.214 www.google.nl
O1 – Hosts: 212.95.49.214 www.google.co.za
O1 – Hosts: 212.95.49.214 www.google.be
O1 – Hosts: 212.95.49.214 www.google.gr
O1 – Hosts: 212.95.49.214 www.google.at
O1 – Hosts: 212.95.49.214 www.google.se
O1 – Hosts: 212.95.49.214 www.google.ch
O1 – Hosts: 212.95.49.214 www.google.pt
O1 – Hosts: 212.95.49.214 www.google.dk
O1 – Hosts: 212.95.49.214 www.google.fi
O1 – Hosts: 212.95.49.214 www.google.ie
O1 – Hosts: 212.95.49.214 www.google.no
O1 – Hosts: 212.95.49.214 search.yahoo.com
O1 – Hosts: 212.95.49.214 us.search.yahoo.com
O1 – Hosts: 212.95.49.214 uk.search.yahoo.com
O2 – BHO: &Yahoo! Toolbar Helper – {02478D38-C3F9-4efb-9B51-7695ECA05670} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 – BHO: AcroIEHelperStub – {18DF081C-E8AD-4283-A596-FA578C2EBDC3} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 – BHO: WormRadar.com IESiteBlocker.NavFilter – {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} – C:\Program Files\AVG\AVG9\avgssie.dll
O2 – BHO: Yahoo! IE Services Button – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 – BHO: SSVHelper Class – {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} – C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O2 – BHO: (no name) – {7E853D72-626A-48EC-A868-BA8D5E23E045} – (no file)
O2 – BHO: Windows Live Sign-in Helper – {9030D464-4C02-4ABF-8ECC-5164760863C6} – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 – BHO: ST – {9394EDE7-C8B5-483E-8773-474BF36AF6E4} – C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 – BHO: AVG Security Toolbar BHO – {A3BC75A2-1F87-4686-AA43-5347D756017C} – C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 – BHO: Google Toolbar Helper – {AA58ED58-01DD-4d91-8333-CF10577473F7} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 – BHO: Adobe PDF Conversion Toolbar Helper – {AE7CD045-E861-484f-8273-0445EE161910} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 – BHO: Google Toolbar Notifier BHO – {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} – C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 – BHO: MSNToolBandBHO – {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 – BHO: Ask Toolbar BHO – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 – BHO: SmartSelect – {F4971EE7-DAA0-4053-9964-665D8EE6A077} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 – BHO: SingleInstance Class – {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 – Toolbar: MSN – {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 – Toolbar: Yahoo! Toolbar – {EF99BD32-C1FB-11D2-892F-0090271D4F88} – C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 – Toolbar: AVG Security Toolbar – {CCC7A320-B3CA-4199-B1A6-9F516DD69829} – C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 – Toolbar: BluePhone Toolbar – {D4027C7F-154A-4066-A1AD-4243D8127440} – C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 – Toolbar: Google Toolbar – {2318C2B1-4965-11d4-9B18-009027A5CD4F} – C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 – Toolbar: Adobe PDF – {47833539-D0C5-4125-9FA8-0819E2EAAC93} – C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 – HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 – HKLM\..\Run: [VTTimer] VTTimer.exe
O4 – HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 – HKLM\..\Run: [TI WLAN] C:\Program Files\Wirelwss LAN Utility\TIWLANCu.exe
O4 – HKLM\..\Run: [Barclays Business Manager] C:\Program Files\Barclays\Business Manager\bin\BarclaysBusinessManager.exe /server
O4 – HKLM\..\Run: [Google Desktop Search] “C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe” /startup
O4 – HKLM\..\Run: [SunJavaUpdateSched] “C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe”
O4 – HKLM\..\Run: [Adobe Reader Speed Launcher] “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”
O4 – HKLM\..\Run: [btbb_McciTrayApp] “C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe”
O4 – HKLM\..\Run: [btbb_wcm_McciTrayApp] “C:\Program Files\BT Broadband Desktop Help\btbb_wcm\McciTrayApp.exe”
O4 – HKLM\..\Run: [AntiVirus Plus] C:\Program Files\AntiVirus Plus\AntiVirus Plus.70342.exe
O4 – HKLM\..\Run: [10549684] C:\Documents and Settings\All Users\Application Data\10549684\10549684.exe
O4 – HKLM\..\Run: [Getca] C:\Program Files\BELKIN USB Wireless Monitor\InfoMyCa.exe
O4 – HKLM\..\Run: [O2Start] C:\Program Files\O2CM-CE\O2 Connection Manager\tscui.exe /s
O4 – HKLM\..\Run: [Wsiba] rundll32.exe “C:\WINDOWS\iqenikanuj.dll”,Startup
O4 – HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 – HKLM\..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 – HKLM\..\Run: [Adobe Acrobat Speed Launcher] “C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe”
O4 – HKLM\..\Run: [Acrobat Assistant 8.0] “C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe”
O4 – HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 – HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 – HKCU\..\Run: [{3BAF3B0A-0282-5DD6-2A3C-AC0B32FC4C9D}] “C:\Documents and Settings\Dawn\Application Data\Xuaxym\xeebh.exe”
O4 – HKCU\..\Run: [Nloqaguheye] rundll32.exe “C:\WINDOWS\xseauthn.dll”,Startup
O4 – HKCU\..\Run: [{E2469F16-D6AC-796C-070B-19346A77F830}] “C:\Documents and Settings\Dawn\Application Data\Utehom\vywag.exe”
O4 – HKCU\..\Run: [{6583AACA-59FB-771A-8161-CFAC72751843}] “C:\Documents and Settings\Dawn\Application Data\Elysl\acnys.exe”
O4 – HKCU\..\Run: [Skype] “C:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized
O4 – HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘LOCAL SERVICE’)
O4 – HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘NETWORK SERVICE’)
O4 – HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘SYSTEM’)
O4 – HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User ‘Default user’)
O4 – Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 – Global Startup: SmartSoft PDF Printer Agent.lnk = C:\Program Files\Smart PDF Creator Pro\SmartSoft PDF Printer Agent.exe
O8 – Extra context menu item: Append Link Target to Existing PDF – res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 – Extra context menu item: Append to Existing PDF – res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 – Extra context menu item: Convert Link Target to Adobe PDF – res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 – Extra context menu item: Convert to Adobe PDF – res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 – Extra context menu item: E&xport to Microsoft Excel – res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 – Extra context menu item: Google Sidewiki… – res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 – Extra button: (no name) – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 – Extra ‘Tools’ menuitem: Sun Java Console – {08B0E5C0-4FCB-11CF-AAA5-00401C608501} – C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 – Extra button: BT Yahoo! Services – {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} – C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 – Extra button: (no name) – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra ‘Tools’ menuitem: @xpsp3res.dll,-20001 – {e2e2dd38-d088-4134-82b7-f2ba38496583} – C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 – Extra button: Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O9 – Extra ‘Tools’ menuitem: Windows Messenger – {FB5F1910-F110-11d2-BB9E-00C04F795683} – C:\Program Files\Messenger\msmsgs.exe
O16 – DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) – http://www.runaware.com/dolphin/wficat.cab
O16 – DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) – C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 – DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) – http://www.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
O16 – DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) – http://download.divx.com/player/DivXBrowserPlugin.cab
O16 – DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) – http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 – DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) – http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 – Protocol: ActLink – {2A0C35F4-82A3-4C80-919D-7879FEE79DF6} – C:\Program Files\ACT\actlink.dll
O18 – Protocol: avgsecuritytoolbar – {F2DDE6B2-9684-4A55-86D4-E255E237B77C} – C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 – Protocol: linkscanner – {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} – C:\Program Files\AVG\AVG9\avgpp.dll
O18 – Protocol: skype4com – {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} – C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 – AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 – Winlogon Notify: avgrsstarter – avgrsstx.dll (file missing)
O20 – Winlogon Notify: GoToAssist – C:\Program Files\Citrix\GoToAssist\570\G2AWinLogon.dll
O22 – SharedTaskScheduler: Browseui preloader – {438755C2-A8BA-11D1-B96B-00A0C90312E1} – C:\WINDOWS\system32\browseui.dll
O22 – SharedTaskScheduler: Component Categories cache daemon – {8C7461EF-2B13-11d2-BE35-3078302C2030} – C:\WINDOWS\system32\browseui.dll
O23 – Service: Automatic LiveUpdate Scheduler – Symantec Corporation – C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 – Service: AVG Security Toolbar Service – Unknown owner – C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 – Service: AVG Free WatchDog (avg9wd) – AVG Technologies CZ, s.r.o. – C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 – Service: BecHelperService – Unknown owner – C:\Program Files\3 Mobile Broadband\3Connect\BecHelperService.exe
O23 – Service: Belkin 54Mbps Wireless USB Network Service (Belkin 54Mbps Wireless USB) – Unknown owner – C:\Program Files\BELKIN USB Wireless Monitor\WLService.exe
O23 – Service: FLEXnet Licensing Service – Macrovision Europe Ltd. – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 – Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) – Google – C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 – Service: GoToAssist – Citrix Online, a division of Citrix Systems, Inc. – C:\Program Files\Citrix\GoToAssist\570\g2aservice.exe
O23 – Service: Google Update Service (gupdate1c9d4d4ab8d54b2) (gupdate1c9d4d4ab8d54b2) – Google Inc. – C:\Program Files\Google\Update\GoogleUpdate.exe
O23 – Service: Google Software Updater (gusvc) – Google – C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 – Service: Kodak AiO Device Service (KodakSvc) – SDSD – C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 – Service: LiveUpdate – Symantec Corporation – C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 – Service: stllssvr – MicroVision Development, Inc. – C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 – Service: TI Wlan Service (tiwlnsvc) – Unknown owner – C:\Program Files\Wirelwss LAN Utility\tiwlnsvc.exe
—
End of file – 15728 bytes